CVE-2021-43840
This CVE affects the message_bus Ruby gem. In versions before 3.3.7 deployed with diagnostics enabled, a path traversal flaw in the diagnostic route could disclose secret information; the impact is greater when no proxy is deployed, while proxies (e.g., Nginx with merge_slashes) can limit exposure to about 3 dir...